New Leak Makes iBoot Source Code Public

The code behind iOS’s secure boot was leaked to the public.

A user by the name of ZioShiba posted complete iBoot source on GitHub. Depending on the type of user you are, this could be extremely bad, or extremely good. If you’re a user that wants jail broken iPhone, then yes, this is good. If you’re a user that cares the slightest bit about your security and privacy, this is bad. Really, really bad.

iBoot, for the uninitiated, is the software behind iOS’s secure boot. This is the software that verifies the operating system when an iOS device is turned on. The version was for iOS 9.3, which is now quite old, but we can suspect that some, if not most of the code, remained the same. Was the code real? The code has been removed from GitHub thanks to a DMCA request from Apple, but as we all know, once something exists on the internet, it’s there forever.

Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.

Apple is effectively downplaying the leak. As they should. Undoubtedly they won’t want people picking through the code looking for any bugs or vulnerabilities. Undoubtedly, people will. Those that wish to jailbreak phones will surely be looking for bugs, and hoping that they’re still there in current versions. Malware creators and malicious actors will surely be doing the same thing. The only way anyone can be sure that potential vulnerabilities are not still there, is if Apple has completely rewritten the source code since this earlier version.

We can be sure that jail breakers and malware creators are hoping to find bugs in the software. I’m sure that Apple and users who are concerned for their own cyber safety are hoping that nothing is found.